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DETAILED ACTION 
Remarks 

1 , In response to communications filed on 08-July-2004, claims 1-21 are presently pending in 
the application, of which, claims 1, 12, 15 and 19 are in independent form. 

Claim Rejections - 35 USC §103 

2, The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3, Claims 1-1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over England (U.S. 
Patent No. 6,330,670) in view of Adams et al (U.S. Patent No. 6,363,485), and further in 
view of Reardon (U.S. Patent No. 6,212,635.) 

As to claim 1, England teaches a method (see Abstract) comprising: 

authenticating a user of a platform during a Basic Input/Output System (BIOS) boot 
process (see column 6, lines 9-23, and see column 7, lines 33-50); and 

decrypt a second BIOS area to recover a second segment of BIOS code (see column 7, 
lines 45-62.) 

England does not teach: 
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combining the first keying material with a second keying material internally stored within 
the platform in order to produce a combination key; and 
using the combination key to decrypt code. 

Adams et al teaches a multi-factor biometric authentication device and method (see 
Abstract), in which he teaches combining the first keying material with a second keying 
material internally stored within the platform in order to produce a combination key (see 
Abstract, and see column 2, lines 34-39, and see column 3, Unes 10-17); and 

using the combination key to decrypt code (see column 2, lines 48-62, and see column 5, 
lines 44-54.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified England to include using the combination key 
to decrypt code; and using the combination key to decrypt code. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified England by the teaching of Adams et al . because 
combining the first keying material with a second keying material internally stored within the 
platform in order to produce a combination key; and using the combination key to decrypt 
code, would provide more security for user authentications and data access by users. 

England as modified, still does not teach: releasing a first keying material from a token 
communicatively coupled to the platform in response to authenticating the user. 

Reardon teaches a network security system (see Abstract), in which he teaches releasing a 
first keying material fi-om a token communicatively coupled to the platform in response to 
authenticating the user (see column 3, lines 18-67, and see column 8, Unes 43-67.) 
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Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified England as modified, to include releasing a 
first keying material from a token communicatively coupled to the platform in response to 
authenticating the user. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified England as modified, by the teaching of Reardon , 
because releasing a first keying material from a token communicatively coupled to the 
platform in response to authenticating the user, would enhance the system security, because 
the token could be easily transported, like an ID card. The "key" to the data can therefore be 
stored away from the Data, as taught by Reardon (see column 2, Unes 51-67.) 

As to claim 2, England as modified teaches the method further comprising: continuing 
the BIOS boot process (see England , column 11, lines 54-63.) 

As to claim 3, England as modified teaches wherein prior to authenticating the user (see 
England , column 6, lines 9-23, and see column 7, lines 33-50), the method comprises: 

loading a BIOS code including a first BIOS area and a second BIOS area (see England , 
column 1 1, lines 30-63), the first BIOS area being an encrypted first segment of the BIOS 
code and the second BIOS area being an encrypted second segment of the BIOS code (see 
England , column 10, lines 4-13, and see column 16, lines 52-66.) 
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As to claim 4, England as modified teaches wherein after loading of the BIOS code, the 
method further comprises: 

decrypting the first BIOS area to recover the first segment of the BIOS code (see 
England , column 1 0, lines 41-51.) 

As to claim 5, England as modified teaches the method further comprising: 
unbinding keying material associated with a non-volatile storage device to access 
contents stored within the non-volatile storage device (see England , figure IB.) 

As to claim 6, England as modified still does not teach wherein the combination key is a 
value formed by performing an exclusive OR operation on both the first keying material and 
the second keying material. 

Adams et aL in another embodiment of his invention teaches wherein the combination 
key is a value formed by performing an exclusive OR operation on both the fu"st keying 
material and the second keying material (see Abstract, and see column 3, line 59 through 
column 4, line 3.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified England as modified, to include wherein the 
combination key is a value formed by performing an exclusive OR operation on both the first 
keying material and the second keying material. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified England as modified, by the further teaching of Adams 
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et al because wherein the combination key is a value formed by performing an exclusive OR 
operation on both the first keying material and the second keying material, would provide an 
effective way of combining keys in encryption and authentication environment. 

As to claim 7, England as modified teaches wherein authentication of the user is 
performed through biometrics (see Adams et al Abstract, and see column 2, hnes 3 1-47.) 

As to claim 8, England as modified teaches wherein the second keying material is stored 
within internal memory of a trusted platform module (see England . Abstract; see column 15, 
lines 62-67, and column 16, lines 42-49.) 

As to claim 9, England as modified teaches wherein the second keying material is stored 
within a section of access-controlled system memory of the platform (see England , column 
19, lines 18-28, and see figure 10.) 

As to claim 10, England as modified teaches wherein prior to authenticating the user, the 
method comprises: 

loading a BIOS code including a first BIOS area (see England , column 11, lines 30-63) 
being a first segment of the BIOS code encrypted using a selected keying material (see 
England , column 10, lines 4-13, and see column 16, hnes 52-66); and 

loading an integrity metric including a hash value of an identification information of the 
platform (see England , column 2, line 60 through column 3, line 30.) 
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As to claim 11, England as modified teaches wherein the identification information 
includes a serial number of an integrated circuit device employed within the platform (see 
England , column 18, lines 47-54,) 

4. Claims 12-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over England (U.S. 
Patent No. 6,330,670) in view of Adams et al (U.S. Patent No, 6,363,485.) 

As to claim 12, England teaches an integrated circuit device (see column 5, lines 52-62) 
comprising: 

a boot block memory unit (see column 11, lines 26-47, and see figures 7A-7C); and 

a trusted platform module communicatively coupled to the boot block memory unit (see 
column 11, lines 48-53), and to decrypt a second BIOS area to recover a second segment of 
BIOS code (see column 7, lines 45-62.) 

England does not teach to produce a combination key by combining a first incoming 
keying material with a second keying material internally stored within the integrated circuit. 

Adams et al teaches a multi-factor biometric authentication device and method (see 
Abstract), in which he teaches to produce a combination key by combining a first incoming 
keying material with a second keying material internally stored within the integrated circuit 
(see Abstract, and see column 2, lines 34-39, and see column 3, lines 10-17.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified England to include producing a combination 
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key by combining a first incoming keying material with a second keying material internally 
stored within the integrated circuit. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified England by the teaching of Adams et al because 
producing a combination key by combining a first incoming keying material with a second 
keying material internally stored within the integrated circuit, would provide more security 
for user authentications and data access by users. 

As to claim 13, England as modified teaches wherein the boot block memory unit to load 
a BIOS code including a first BIOS area and a second BIOS area (see England , column 11, 
lines 30-63), the first BIOS area being an encrypted first segment of the BIOS code and the 
second BIOS area being an encrypted second segment of the BIOS code (see England , 
column 10, lines 4-13, and see column 16, lines 52-66.) 

As to claim 14, England as modified teaches wherein the trusted platform module to 
decrypt the first BIOS area to recover the first segment of the BIOS code (see England , 
column 10, lines 41-51.) 

As to claim 15, England teaches a platform (see column 52-62) comprising: 
an input/output control hub (ICH) (see column 6, Hnes 9-23); 

a non-volatile memory unit coupled to the ICH, the non-volatile memory unit including a 
BIOS code including a first BIOS area and a second BIOS area (see figure 1 A), the first 
BIOS area being an encrypted first segment of the BIOS code and the second BIOS area 
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being an encrypted second segment of the BIOS code (see column 10, lines 4-13, and see 
column 16, lines 52-66); 

For the remaining steps of this claim, the applicant is kindly directed to remarks and 
discussions made in claim 12 above. 

As to claim 16, England as modified teaches wherein the trusted platform module to 
further decrypt the fu-st BIOS area to recover the first segment of the BIOS code in an non- 
encrypted format (see England , column 10, lines 41-51.) 

As to claim 17, England as modified teaches the platform further comprising a hard disk 
drive coupled to the ICH (see England , figure 1 A.) 

As to claims 18 and 21, England as modified teaches wherein the trusted platform 
module to further unbind keying material associated with the hard disk drive to access 
contents stored within the hard disk drive (see England , figure IB.) 

As to claim 19, England teaches a program loaded into readable memory for execution by 
a trusted platform module of a platform (see column 5, lines 39-5 1.) For the remaining steps 
of this claim, the applicant is kindly directed to remarks and discussions made in claims 12 
and 15 above. 
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As to claim 20, England as modified teaches wherein the first BIOS area is the fu^st 
segment of the BIOS code encrypted with a keying material (see England , column 10, lines 
4-13, and see column 16, lines 52-66) and the second BIOS area is the second segment of the 
BIOS code encrypted with the combination key (see England , column 7, line 51 through 
column 8, line 6, and see column 13, lines 60-67.) 

Response to Arguments 
5, Applicant's arguments filed on 08-July-2004 with respect to the rejected claims in view of 
the cited references have been fully considered but they are not deemed persuasive: 

In response to the applicant's arguments that "these references provide no motivation 
toward the recovery of a segment of the BIOS", the arguments have been fully considered 
but are not deemed persuasive because England teaches "decrypt a second BIOS area to 
recover a second segment of BIOS code" (see column 7, Unes 45-62.) 

Further, the examiner recognizes that obviousness can only be established by combining 
or modifying the teachings of the prior art to produce the claimed invention where there is 
some teaching, suggestion, or motivation to do so found either in the references themselves 
or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 
F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and/« re Jones, 958 F.2d 347, 21 
USPQ2d 1941 (Fed. Cir. 1992). In this case, the examiner has established the obviousness in 
the knowledge generally available to one of ordinary skill in the art, to have modified 
England by the teaching of Adams et al because combining the first keying material with a 
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second keying material internally stored within the platform in order to produce a 
combination key; and using the combination key to decrypt code, would provide more 
security for user authentications and data access by users, and again to have modified 
England as modified, by the teaching of Reardon . because releasing a first keying material 
fi^om a token communicatively coupled to the platform in response to authenticating the user, 
would enhance the system security, because the token could be easily transported, like an ED 
card. The "key" to the data can therefore be stored away fi-om the Data, as taught by Reardon 
(see column 2, lines 51-67.) 

In response to the apphcant's arguments that "there is no teaching of a 'trusted platform 
module' being part of the integrated circuit device as set forth in claim 12", the arguments 
have been fully considered but are not found persuasive, because England teaches "trusted 
module" in he Abstract, and in column 8, Une 66 through column 9, line 15, and also in 
column 11, lines 48-53. 

In response to the applicant's arguments that "with respect to claim 3, England (column 
11, lines 30-63) does not disclose the loading of a BIOS code including a first BIOS area and 
a second BIOS area", the arguments have been fully considered but are not deemed 
persuasive, because England , in column 11, lines 30-63, refers to figures 7A-7C. Figure 7B, 
clearly depicts "BASIC BOOT CODE 715", and "BOOT CODE 717", depicted in blocks 
711 and 713, respectively. The examiner is interpreting "first bios area" being read on 
"BASIC BOOT CODE 715", and "second BIOS area", being read on "BOOT CODE 717". 
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Conclusion 



6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS fi-om the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until 
after the end of the THREE-MONTH shortened statutory period, then the shortened statutory 
period will expire on the date the advisory action is mailed, and any extension fee pursuant to 
37 CFR 1. 136(a) will be calculated firom the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS fi-om the mailing 
date of this final action. 

7. Any inquiries concerning this communication or earlier communications from the examiner 
should be directed to Tony Mahmoudi whose telephone number is (571) 272-4078. The 
examiner can normally be reached on Mondays-Fridays from 08:00 am to 04:30 pm. 

If attempts to reach the examiner by telephone are unsuccessfial, the examiner's 
supervisor, Dov Popovici, can be reached at (571) 272-4083, 
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January 10, 2005 




